CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 3 days ago•4 views

CVE-2026-45267 Nextcloud: Missing permission check for from submissions

Cvelist•added 3 days ago•21 views

CVE-2026-45267 Nextcloud: Missing permission check for from submissions

6.5CVSS0.00022EPSS

CVE•added 3 days ago•6 views

CVE-2026-45267

Nextcloud (open source content collaboration platform) has a vulnerability identified as CVE-2026-45267 where a missing permissions check in form submissions allowed a user to read submissions from other users. The issue affects versions prior to 5.2.6 and has been fixed in 5.2.6. The root cause ...

EUVD•added 3 days ago•4 views

EUVD-2026-33679

CNNVD•added 3 days ago•3 views

NextCloud Forms security vulnerabilities

NextCloud Forms is an open-source, hosted questionnaire and form creation tool developed by NextCloud. Versions of NextCloud Forms prior to 5.2.6 contained a security vulnerability due to a lack of permission checks. This vulnerability could allow users to request access to other users’ form...

6.5CVSS5.8AI score0.00022EPSS

Positive Technologies•added 3 days ago•7 views

PT-2026-45477

OSV•added 6 days ago•1 views

Exploits0References4

GHSA-PGXQ-P76C-X9CG formie's unauthenticated front-end submission editing can overwrite existing submissions

Impact Unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. Patches 2.2.21, 3.1.26 Workarounds Block unauthenticated access to actions/formie/submissions/save-submission, or disable/customize front-end submissio...

8.7CVSS5.8AI score0.00044EPSS

Exploits0References5

Vulnrichment•added 6 days ago•6 views

CVE-2026-47266 Formie: Unauthenticated front-end submission editing can overwrite existing submissions

Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. This vulnerability is fixed in 2.2.21 and 3.1.26...

8.7CVSS5.8AI score0.00044EPSS

Wordfence Blog•added 6 days ago•7 views

Wordfence Bug Bounty Program Monthly Report – March 2026

In March 2026, the Wordfence Bug Bounty Program received 1718 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfence Threat...

6.2AI score

Exploits0

CNNVD•added 6 days ago•3 views

Formie for Craft CMS 安全漏洞

Formie for Craft CMS is a form plugin for the Craft CMS developed by Verbb. Versions prior to 2.2.21 and 3.1.26 of Formie for Craft CMS had security vulnerabilities. These vulnerabilities stemmed from the possibility for unverified users to modify existing submissions by submitting known or guess...

8.7CVSS5.8AI score0.00044EPSS

OSV•added last week•1 views

UBUNTU-CVE-2026-46220

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/sdma4: replace BUGON with WARNON in fence emission sdmav40ringemitfence contains two BUGONaddr & 0x3 assertions that verify fence writeback addresses are dword-aligned. These assertions can be reached from unprivileged...

5.7AI score0.00032EPSS

Exploits0References8

NVD•added last week•5 views

CVE-2026-7052

The HT Contact Form – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fileupload' parameter in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS0.00211EPSS

EUVD•added last week•4 views

EUVD-2026-32740

Vulnrichment•added last week•3 views

CVE-2026-7052 HT Contact Form <= 2.8.2 - Unauthenticated Stored Cross-Site Scripting via File Upload Field

CVE•added last week•10 views

CVE-2026-7052

The CVE concerns the HT Contact Form – Drag & Drop Form Builder for WordPress plugin. A Stored Cross-Site Scripting (XSS) vulnerability exists in the file_upload parameter for all versions up to 2.8.2 due to insufficient input sanitization and output escaping. Exploitation requires the Store Subm...

ATTACKERKB•added last week•4 views

CVE-2026-7052

Cvelist•added last week•28 views

Exploits0References13

CVE-2026-7052 HT Contact Form <= 2.8.2 - Unauthenticated Stored Cross-Site Scripting via File Upload Field

7.2CVSS0.00211EPSS

Positive Technologies•added 2026/05/28 12:0 a.m.•4 views

PT-2026-44200

The HT Contact Form – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'file upload' parameter in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for...